wireshark/wireshark-CVE-2018-19626.patch

From ec6ace066ae4c889d4c18a0a38a8c6053483877b Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 11 Oct 2018 13:04:03 +0200
Subject: [PATCH] DCOM: always NUL-terminate dissect_dcom_BSTR results

All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
the string to be NUL-terminated, so ensure this to avoid reading
uninitialized memory for the Info column.

Bug: 15130
Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
Reviewed-on: https://code.wireshark.org/review/30128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/packet-dcom.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c
index d12216a..79cf6a6 100644
--- a/epan/dissectors/packet-dcom.c
+++ b/epan/dissectors/packet-dcom.c
@@ -1725,8 +1725,10 @@ dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 	offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep,
 			&u32ArraySize);
 
-	if ((guint32)offset + u32ArraySize*2 > G_MAXINT)
+	if ((guint32)offset + u32ArraySize*2 > G_MAXINT) {
+		pszStr[0] = 0;
 		return offset;
+	}
 
 	realOffset = offset + u32ArraySize*2;
 
-- 
1.7.12.4